|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2 SP1 up to 8.3 base
O/S Version: 11.4
|Cause||An as yet unknown network packet or event triggered an exception on the authentication service port. Exception handing code changes caused the connection on which this exception was received to stop listening for network traffic on that connection, specifically 5500 UDP, the authentication service port. When this exception was encountered, instead of being handled it caused a second exception which broke authentications by making 5500 UDP unresponsive.|
The current hot fix (as of 18 January 2018) which will be added to Authentication Manager 8.2 SP1 and Authentication Manager 8.3 patches now handles this network exception on 5500 UDP instead of triggering the second exception that broke authentications.
|Resolution||This issue has been documented in defects AM-31699 and AM-31708 and it has been resolved in a hot fix. The fix detects this network condition/event along with a change to the code that handles the exception. Contact RSA Technical Support to obtain the hot fix.|
Applying the hot fix
The hot fix is contained in the common-am-220.127.116.11.0.jar file. On all Authentication Manager 8.2 servers depending upon the patch level, the corresponding version of common-am-8.2.1.x.0.jar needs to be replaced. In this example, the server is running Authentication Manager 8.2 SP1 patch 6; hence, the common-am-18.104.22.168.0.jar file name is being used.
|Workaround||Reboot all Authentication Manager servers.|
Note that rebooting a primary or replica server will correct the behavior of only that server.
AM-31699 – In specific network environments, RSA Authentication Manager sometimes stopped responding to authentication requests on certain network ports, which prevented successful authentication until the server was restarted.